/*
 * This program is free software: you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation, either version 3 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program. If not, see <http://www.gnu.org/licenses/>.
 */
package org.merak.core.web.mvc;

import javax.servlet.http.HttpSession;

import org.merak.core.model.ProgrammaticException;

public abstract class PrivateBusinessLogic implements IBusinessLogic {

	//~ Methods //////////////////////////////////////////////////////////////////
	//****************************************************************************
	@Override
	/** Blocks all incoming requests from not authenticated users, forbidding them
	 * of executing business logics (control classes) intended to be private. */
	public boolean authorize(HttpSession session) {

		// Recover the key used to look-up for a user in the session
		String accountKey = MVCManager.getSessionAccountKey();

		// Private logics always need this key
		if ( accountKey == null ) throw new ProgrammaticException (
			"You can't declare any business logic as Private since you haven't set " +
			"security settings. Look at Application.xml."
		);

		/* Look up for an authenticated user in the session. If so, the user can
		 * execute the private logic. If not, he/she will be redirected to one
		 * special page or will receive a message about this issue. */
		return session.getAttribute(accountKey) != null;

	}
	//****************************************************************************

}
